Vieira-Marola/Dridex-Malware-Unpacking-Report

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 

Repository files navigation

Dridex-Malware-Unpacking-Report

This repository contains a detailed technical report documenting the unpacking process of a Dridex malware sample. The analysis was performed in a controlled virtualized environment using x32dbg, Process Hacker, and PE-bear to locate, extract, and partially reconstruct PE images from memory.

The report walks through:

  • Setting breakpoints on key APIs (VirtualAlloc, VirtualProtect) to capture unpacked payloads.

  • Identifying PE signatures (MZ) in allocated memory regions.

  • Extracting binary data directly from memory using Process Hacker.

  • Repairing section headers and import tables to rebuild a valid PE structure.

  • Documenting best practices for safe malware handling, memory forensics, and partial reconstruction of packed executables.
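The scan-carve-repair steps listed above, condensed into a stdlib-only Python script. This is an added example, not code from the report or its author: the "memory dump" it works on is a constructed buffer with a decoy `MZ` and a minimal two-section PE32 image laid out the way a loaded image sits in memory (sections at their RVAs, but section headers still carrying the on-disk file offsets). The repair shown is the usual dump fix (PointerToRawData := VirtualAddress, SizeOfRawData := aligned VirtualSize, FileAlignment := SectionAlignment); the entry point and import table are deliberately left untouched, since those need separate work.

```python
import struct

PE_SIG = b"PE\0\0"
SECTION_FMT = "<8sIIIIIIHHI"
SECTION_SIZE = struct.calcsize(SECTION_FMT)          # 40 bytes per IMAGE_SECTION_HEADER
SECTION_FIELDS = ("Name", "VirtualSize", "VirtualAddress", "SizeOfRawData", "PointerToRawData",
                  "PointerToRelocations", "PointerToLinenumbers", "NumberOfRelocations",
                  "NumberOfLinenumbers", "Characteristics")


def align_up(value, alignment):
    return (value + alignment - 1) // alignment * alignment


def find_pe_headers(buf):
    """Offsets of every 'MZ' in buf whose e_lfanew lands on a 'PE\\0\\0' signature that is
    followed by a PE32/PE32+ optional-header magic. A bare 'MZ' byte match is not enough."""
    hits = []
    pos = buf.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(buf):
            e_lfanew = struct.unpack_from("<I", buf, pos + 0x3C)[0]
            nt = pos + e_lfanew
            if (0x40 <= e_lfanew and nt + 26 <= len(buf) and buf[nt:nt + 4] == PE_SIG
                    and struct.unpack_from("<H", buf, nt + 24)[0] in (0x10B, 0x20B)):
                hits.append(pos)
        pos = buf.find(b"MZ", pos + 1)
    return hits


def parse_headers(img, base=0):
    """Pull the fields the repair needs out of the NT headers located at img[base:]."""
    e_lfanew = struct.unpack_from("<I", img, base + 0x3C)[0]
    nt = base + e_lfanew
    if img[nt:nt + 4] != PE_SIG:
        raise ValueError("no PE signature at e_lfanew")
    num_sections = struct.unpack_from("<H", img, nt + 6)[0]
    size_opt = struct.unpack_from("<H", img, nt + 20)[0]
    opt = nt + 24
    # SectionAlignment/FileAlignment sit at +32/+36 and SizeOfImage at +56 for both PE32 and PE32+
    sec_align, file_align = struct.unpack_from("<II", img, opt + 32)
    size_of_image = struct.unpack_from("<I", img, opt + 56)[0]
    sect_table = opt + size_opt
    sections = [dict(zip(SECTION_FIELDS, struct.unpack_from(SECTION_FMT, img, sect_table + i * SECTION_SIZE)))
                for i in range(num_sections)]
    return {"opt": opt, "section_alignment": sec_align, "file_alignment": file_align,
            "size_of_image": size_of_image, "sect_table": sect_table, "sections": sections}


def carve_image(buf, offset):
    """Cut SizeOfImage bytes out of the dump starting at the MZ header (what you would save from the region)."""
    hdr = parse_headers(buf, offset)
    if hdr["size_of_image"] == 0:
        raise ValueError("SizeOfImage is zero")
    return bytes(buf[offset:offset + hdr["size_of_image"]])


def fix_section_headers(image):
    """Rewrite the section table so raw offsets/sizes equal virtual ones. In a memory dump the
    sections already sit at their RVAs, so the original on-disk file offsets are wrong.
    AddressOfEntryPoint and the import directory are NOT touched here."""
    img = bytearray(image)
    hdr = parse_headers(img)
    align = hdr["section_alignment"]
    struct.pack_into("<I", img, hdr["opt"] + 36, align)          # FileAlignment := SectionAlignment
    for i, s in enumerate(hdr["sections"]):
        off = hdr["sect_table"] + i * SECTION_SIZE
        # SizeOfRawData lives at +16, PointerToRawData at +20 within the section header
        struct.pack_into("<II", img, off + 16, align_up(s["VirtualSize"], align), s["VirtualAddress"])
    return bytes(img)


def raw_matches_virtual(image):
    """True when every section's raw offset equals its RVA, i.e. the file can be loaded as dumped."""
    return all(s["PointerToRawData"] == s["VirtualAddress"] for s in parse_headers(image)["sections"])


def build_sample_dump():
    """Constructed test input (not a real sample): 0x202 bytes of junk containing a decoy 'MZ' with
    no PE signature, then a 3-page PE32 image exactly as it would appear in a VirtualAlloc'd region."""
    sec_align, file_align, e_lfanew = 0x1000, 0x200, 0x80
    img = bytearray(0x3000)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = PE_SIG
    # IMAGE_FILE_HEADER: i386, 2 sections, 0xE0-byte optional header, EXECUTABLE_IMAGE | 32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)                       # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1000)                 # AddressOfEntryPoint
    struct.pack_into("<I", img, opt + 28, 0x400000)               # ImageBase
    struct.pack_into("<II", img, opt + 32, sec_align, file_align)
    struct.pack_into("<II", img, opt + 56, 0x3000, 0x400)         # SizeOfImage, SizeOfHeaders
    sect = opt + 0xE0
    # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData) copied from the on-disk layout
    for i, (name, vsz, va, rsz, raw) in enumerate([(b".text", 0x234, 0x1000, 0x400, 0x400),
                                                   (b".data", 0x100, 0x2000, 0x200, 0x800)]):
        struct.pack_into(SECTION_FMT, img, sect + i * SECTION_SIZE,
                         name.ljust(8, b"\0"), vsz, va, rsz, raw, 0, 0, 0, 0, 0x60000020)
    img[0x1000:0x1003] = b"\x55\x8b\xec"                          # push ebp; mov ebp, esp at the EP
    img[0x2000:0x2004] = b"DATA"
    return b"\x00" * 0x100 + b"MZ" + b"\x00" * 0x100 + bytes(img)


if __name__ == "__main__":
    dump = build_sample_dump()
    for off in find_pe_headers(dump):
        fixed = fix_section_headers(carve_image(dump, off))
        print(f"PE at dump offset {off:#x}, sections realigned: {raw_matches_virtual(fixed)}")
```

Run the same three functions against a region saved from Process Hacker: `find_pe_headers` gives the candidate MZ offsets, `carve_image` trims to `SizeOfImage`, and `fix_section_headers` produces a file PE-bear will show with raw and virtual layouts in agreement; the entry point still has to be set to the OEP and the imports rebuilt by hand.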

⚠️ All actions were conducted in an isolated lab environment for educational and research purposes only. This repository does not contain any live or malicious binaries.
